??Equilibrium's Cyber Security Newsletter (March 2024)??

Welcome to the March edition of our Cyber Security Newsletter! ??

This month: we'll be delving into the real impact of AI on the cyber landscape and what that means for your business, we share episode 9 of 'The Cyber Hot Seat' podcast which explores how security leaders can translate complex concepts for non technical decision makers, along with exciting updates about the upcoming National Cyber Security show next month.

And that's not all – there's plenty more we haven't mentioned, so dive in to get the full scoop!

We want to make our newsletters really useful for you. Got suggestions or topics you'd like us to cover? Drop us a line at [email protected]. We're all ears!

You've likely heard a lot about AI lately, with plenty of voices quick to paint a picture of doom and gloom. It's easy to get caught up in the whirlwind of scaremongering.

But when we cut through the noise:

?? What does AI really mean for the landscape of cyber-attacks?

?? How do we, as the guardians against these threats, need to adapt and respond?

Recently, the National Cyber Security Centre (NCSC) shared a deep dive into how cyber-attacks are evolving, shedding light on how artificial intelligence is reshaping the Cyber Security landscape.

As a security leader, you're already tuned into the fact that AI is reshaping the cyber threat landscape, altering attack frequencies, severity, and methodologies. Given your role, this isn't news. In our latest blog we delve deeper into the NCSC’s findings and discuss actionable steps you can take today to help protect your business from AI driven attacks.

Find out more on our latest blog ??

Looking to bid for Government contracts? The government isn’t just throwing another requirement at you with Cyber Essentials; it’s ensuring that all its partners speak the same security language. This certification is about aligning on a Cyber Security baseline, minimising supply chain risks, and protecting critical information and services from cyber incidents.

This applies to companies who:

?Handle personal information of citizens, including details like home addresses, bank details, or payment information.

?Manage personal data of government employees, ministers, and special advisors, encompassing payroll, travel booking, and expenses information.

?Provide ICT systems and services configured to manage or process data at the 'Official' level, in accordance with the Government Security Classifications Policy.

?Involvements in contracts related to the routine operations of the government, the provision of services, and the management of public funds.

If you're gearing up to work with the government and need Cyber Essentials certification beforehand, check out our latest blog for detailed insights into the requirements ??

EPISODE 9 From Binary to Board: Translating Complex Concepts For Executive Decision Makers??

In episode nine, our host and Managing Director, Anish Chauhan, is joined by CISO Jon Begley from a leading global travel retailer.

Together, they discuss:

?Why it's crucial for security leaders to master the skill of simplifying complex security concepts for non-technical decision makers.

?Why technical expertise alone isn't sufficient for security leaders.

?The power of storytelling as a persuasive tool in advocating for security initiatives.

?The importance of ongoing investment in Cyber Security and its indispensable role in ensuring business continuity.

Curious about enhancing this skill as a security leader? Tune in to 'The Cyber Hot Seat' on Spotify, Apple and YouTube to uncover valuable insights!

We're back with more top tips from our Cyber Essentials consultant, Jacob Ward, to help you ace the certification process! Understanding how to prepare can make a huge difference in having a stress-free certification experience.

That's why Jacob, involved in these assessments daily, is sharing his first-hand insights to help you navigate the certification with confidence, and without hiccups!.

Jacob's top tips continued:

"Thoroughly review the Cyber Essentials Requirements for IT Infrastructure document, which is linked throughout the assessment. Refer to it, especially on questions that mention it. This document specifies what is expected from your organisation to achieve compliance under the Cyber Essentials scheme. For instance, if a question prompts you to describe the technical controls used to strengthen your passwords, you'll find relevant guidance in this document outlining the 'acceptable' answers."

Find out more about The Cyber Essentials Scheme ??

Have You Registered for Your FREE Tickets to the National Cyber Security Show 2024?

Register for FREE ??

Equilibrium is thrilled to be exhibiting as a Founding Partner for the THIRD consecutive year at the National Cyber Security Show 2024! ?? Visit us on stand 5/Q22.

Why attend?

??Get the real scoop on the latest cyber threats, trends, and how to tackle them in our fast-changing digital world.

??Meet the brains behind the screens: top Cyber Security experts and leaders ready to share their knowledge and connect with you.

??Dive into workshops and seminars with the pros to pick up practical tips and strategies for keeping cyber risks at bay.

??Check out the latest in Cyber Security innovations—products, services, software, and tech that can really boost your business’s defence game.

Ever wonder if your penetration tests are missing something crucial? Let's face it, real attackers aren't just hacking your systems; they're targeting your team, often exploiting human error to find a way in.

Join the MD of Equilibrium Security Anish Chauhan, to explore how blending traditional pen testing with real-world attack scenarios, like social engineering and phishing, gives you a complete picture of your organisation's security readiness.

Attending the Show? Visit Us at Stand 5/Q22! Enter our raffle for a chance to win fantastic prizes, like a free Cyber Essentials and Plus assessment and a Phishing Simulation service. Stop by, meet our team, and win big!

Register for FREE ??

When you ask a penetration tester what their strategy is for testing, it’s really not an easy question to answer. Testing for vulnerabilities is a bit like navigating a maze. It’s a complex process that involves using all sorts of tactics, techniques, and procedures to make sure everything’s thoroughly checked.

That’s why we’re here to simplify the strategy and thinking behind a penetration test, and show how our penetration testers approach a target application or system.

It's both an art and a science, uniquely adapted to your business's specific risks, blending technical precision with creative strategy to address security vulnerabilities.

Our guide for security leaders, is your inside look at how our ethical hackers uncover vulnerabilities, and the decision-making process that underpins our methodical approach to security testing.

Curious about our pen testing methodology? Download your guide today ??

We're back again with the latest and greatest in Cyber Security resources to keep you one step ahead and secure. With everything from insightful blogs and Cyber Security news to compelling podcasts, we've curated everything you need to maintain robust defences.

1. Hackers have devised a new technique (Conversation Overflow) to bypass AI security measures. SlashNext threat researchers have recently unveiled a cyber-attack strategy known as "Conversation Overflow." This approach uses disguised emails intended to slip past machine learning (ML) security measures, permitting harmful payloads to penetrate corporate networks. Discover more about how this method deceives Machine Learning security controls ??
2. A new type of denial-of-service (DoS) attack, known as Loop DoS, targets application-layer protocols using the User Datagram Protocol (UDP), potentially endangering hundreds of thousands of systems. The CISPA Helmholtz-Center for Information Security researchers identified that this attack method forces servers to engage in endless communication with each other by exploiting UDP's vulnerability to IP spoofing. Since UDP does not check the source IP addresses, attackers can manipulate the protocol to initiate a reflected DoS attack by sending forged UDP packets that cause servers to respond to each other rather than the attacker. Find out more about 'Loop Dos' attacks ??
3. Researchers from Colorado State University have uncovered significant security vulnerabilities in Electronic Logging Devices (ELDs) used in over 14 million US commercial trucks. The study, presented at the 2024 Network and Distributed System Security Symposium, revealed that ELDs could be exploited via Bluetooth or Wi-Fi to manipulate truck data, take control of vehicles, and even spread malware between trucks, posing a risk to the entire commercial fleet's security and operation. The vulnerabilities allow attackers within wireless range to easily connect to the ELDs due to default factory settings, such as predictable Bluetooth identifiers and weak Wi-Fi passwords. The research team demonstrated the feasibility of these attacks through bench testing and real-world simulations, including a drive-by scenario where they successfully slowed a truck by manipulating its ELD. Learn more on this about this discovery here ??

The March Edition: That's All, Folks!

Today was scheduled for the unveiling of the Annual Government Cyber Breaches Survey 2024, and we were eager to provide our insights on its findings. Unfortunately, the release has been postponed to the 10th April. Please stay tuned for our commentary on the survey's outcomes in our upcoming edition next month!

We'll be back next month with more insights. In the meantime, if you have any Cyber Security queries or just want to chat, feel free to call us on 0121 663 0055 ?? or drop an email at [email protected] ? We're always here to help!